Allow custom salt on NIP-44

44.md

@@ -70,7 +70,8 @@ NIP-44 version 2 has the following design characteristics:
 1. Calculate a conversation key
    - Execute ECDH (scalar multiplication) of public key B by private key A
      Output `shared_x` must be unhashed, 32-byte encoded x coordinate of the shared point
-   - Use HKDF-extract with sha256, `IKM=shared_x` and `salt=utf8_encode('nip44-v2')`
+   - Use HKDF-extract with sha256, `IKM=shared_x` and `salt=utf8_encode(custom_string || 'nip44-v2')`
+   - Validate that salt is up to 32 bytes
    - HKDF output will be a `conversation_key` between two users.
    - It is always the same, when key roles are swapped: `conv(a, B) == conv(b, A)`
 2. Generate a random 32-byte nonce
@@ -220,9 +221,11 @@ def hmac_aad(key, message, aad):
   return hmac(sha256, key, concat(aad, message));
 
 # Calculates long-term key between users A and B: `get_key(Apriv, Bpub) == get_key(Bpriv, Apub)`
-def get_conversation_key(private_key_a, public_key_b):
+def get_conversation_key(private_key_a, public_key_b, salt):
+  if not salt: salt = utf8_encode('nip44-v2')
+  if len(salt) > 32: raise Exception('invalid salt length')
   shared_x = secp256k1_ecdh(private_key_a, public_key_b)
-  return hkdf_extract(IKM=shared_x, salt=utf8_encode('nip44-v2'))
+  return hkdf_extract(IKM=shared_x, salt)
 
 # Calculates unique per-message key
 def get_message_keys(conversation_key, nonce):